CVE-2024-9004 | D-Link DAR-7000 up to 20240912 Backup_Server_commit.php host os command injection (SAP10354)

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-9004. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to replace the affected component with an alternative.

CVE-2024-9004 | D-Link DAR-7000 up to 20240912 Backup_Server_commit.php host os command injection (SAP10354)

Post correlati

CVE-2024-23192 | Open-Xchange OX App Suite up to 7.10.6-rev40/8.20 RSS Feed cross site scripting (adv-2024-0001)

CVE-2023-49197 | Apasionados DoFollow Case by Case Plugin up to 3.4.2 on WordPress cross-site request forgery

CVE-2024-5419 | Contact Form 7 Widget For Elementor Page Builder Plugin cross site scripting

CVE-2024-2618 | Elementor Header & Footer Builder Plugin up to 1.6.26 on WordPress cross site scripting